Security scanning method and apparatus for mini program, and electronic device
Abstract
Methods, systems, and devices, including computer programs encoded on computer storage media, for security scanning a mini program are provided. One of the methods includes: obtaining a target mini program to be released, invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program; and when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server. The multi-dimensional security scanning may include malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A security scanning method for a mini program, comprising:
obtaining a target mini program to be released;
invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including:
determining whether the target mini program includes a sensitive information leaking loophole,
determining whether the target mini program includes an HTML code loophole,
determining whether the target mini program includes a JS code loophole, and
determining whether the target mini program includes an unauthorized external resource reference loophole; and
when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
2. The method according to claim 1 , wherein the malicious code scanning on the target mini program comprises one or more of:
determining whether the target mini program includes a payload;
determining whether a malicious invoking function is present in functions invoked by the target mini program, wherein the malicious invoking function is an unauthorized invoking function for the target mini program; and
determining whether content invoked by the target mini program includes non-compliant content.
3. The method according to claim 2 , wherein the determining whether the target mini program includes a payload comprising:
parsing codes and data in a load of the target mini program; and
comparing the parsed codes and data with samples of known payloads.
4. The method according to claim 2 , wherein the determining whether content invoked by the target mini program includes non-compliant content comprises:
parsing media and text content invoked by the target mini program; and
comparing the parsed media and text content with non-compliant content samples.
5. The method according to claim 1 , wherein the security loophole scanning on the target mini program comprises:
performing a comparison with a loophole database by one or more loophole scanners corresponding to the one or more loophole scanning programs.
6. The method according to claim 1 , wherein the security loophole scanning on a server interface of the target mini program comprises:
parsing the server interface of the target mini program; and
performing interface loophole scanning on the parsed server interface.
7. The security scanning method according to claim 1 , further comprising:
blocking a release flow of the target mini program responsive to the target mini program not passing the multi-dimensional security scanning.
8. A security scanning device for a mini program, comprising one or more processors and a non-transitory computer-readable memory coupled to the one or more processors and configured with instructions executable by the one or more processors to perform operations comprising:
obtaining a target mini program to be released;
invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
wherein the security loophole scanning on the target mini program comprises one or more loophole scanning programs including:
determining whether the target mini program includes a sensitive information leaking loophole,
determining whether the target mini program includes an HTML code loophole,
determining whether the target mini program includes a JS code loophole, and
determining whether the target mini program includes an unauthorized external resource reference loophole; and
when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
9. The device according to claim 8 , wherein the malicious code scanning on the target mini program comprises one or more of:
determining whether the target mini program includes a payload;
determining whether a malicious invoking function is present in functions invoked by the target mini program, wherein the malicious invoking function is an unauthorized invoking function for the target mini program; and
determining whether content invoked by the target mini program includes non-compliant content.
10. The device according to claim 9 , wherein the determining whether the target mini program includes a payload comprises:
parsing codes and data in a load of the target mini program; and
comparing the parsed codes and data with samples of known payloads.
11. The device according to claim 9 , wherein the determining whether content invoked by the target mini program includes non-compliant content comprises:
parsing media and text content invoked by the target mini program; and
comparing the parsed media and text content with non-compliant content samples.
12. The device according to claim 8 , wherein the security loophole scanning on the target mini program comprises:
performing comparison with a loophole database by one or more loophole scanners corresponding to the one or more loophole scanning programs.
13. The device according to claim 8 , wherein the security loophole scanning on a server interface of the target mini program comprises:
parsing the server interface of the target mini program; and
performing interface loophole scanning on the parsed server interface.
14. The device according to claim 8 , wherein the operations further comprise:
blocking a release flow of the target mini program responsive to the target mini program not passing the multi-dimensional security scanning.
15. A non-transitory computer-readable storage medium for security scanning for a mini program, storing instructions executable by one or more processors to cause the one or more processors to perform operations comprising:
obtaining a target mini program to be released;
invoking a security scanning strategy combination to perform multi-dimensional security scanning on the target mini program, wherein the multi-dimensional security scanning comprises malicious code scanning on the target mini program, security loophole scanning on the target mini program, and security loophole scanning on a server interface of the target mini program;
wherein the security loophole scanning on the target mini program comprises one or more of:
determining whether the target mini program includes a sensitive information leaking loophole;
determining whether the target mini program includes an HTML code loophole;
determining whether the target mini program includes a JS code loophole; and
determining whether the target mini program includes an unauthorized external resource reference loophole; and
when the target mini program passes the multi-dimensional security scanning, releasing the target mini program to a server.
16. The non-transitory computer-readable storage medium according to claim 15 , wherein the malicious code scanning on the target mini program comprises one or more of:
determining whether the target mini program includes a payload;
determining whether a malicious invoking function is present in functions invoked by the target mini program, wherein the malicious invoking function is an unauthorized invoking function for the target mini program; and
determining whether content invoked by the target mini program includes non-compliant content.
17. The non-transitory computer-readable storage medium according to claim 16 , wherein the determining whether the target mini program includes a payload comprises:
parsing codes and data in a load of the target mini program; and
comparing the parsed codes and data with samples of known payloads.
18. The non-transitory computer-readable storage medium according to claim 16 , wherein the determining whether content invoked by the target mini program includes non-compliant content comprises:
parsing media and text content invoked by the target mini program; and
comparing the parsed media and text content with non-compliant content samples.
19. The non-transitory computer-readable storage medium according to claim 15 , wherein the security loophole scanning on a server interface of the target mini program comprises:
parsing the server interface of the target mini program; and
performing interface loophole scanning on the parsed server interface.
20. The non-transitory computer-readable storage medium according to claim 15 , wherein the operations further comprise:
blocking a release flow of the target mini program responsive to the target mini program not passing the multi-dimensional security scanning.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.